I would really like to see ipsec tunnels as interfaces instead of ipsec policies. With the current policy system, It is quite difficult to handle site to site ipsec VPNs. I basically have to do a tunnel and policy for a single address on both sides and then an ipip tunnel so I have an interface to route through (using OSPF, or static routes)
+1 like
No you don’t have to create policy then ipip tunnel and then reroute over the tunnel.
You simply need to add policy with option tunnel=yes.
See the configuration example:
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Site_to_Site_IpSec_Tunnel
+1
Its long overdue